A hacker accessed personal details of Nokia developers in an attack on the Nokia Developer site last week, the phone manufacturer has admitted.

During the intrusion, the apparent attacker, 'pr0tect0r AKA mrNRG',
redirected visitors to the Nokia Developer Community forum
to a page berating Nokia for its server security. On Monday,
Nokia told forum members that it had originally believed "only a small
number" of their records had been accessed, but it had since
revised that analysis.

"Further investigation has identified that the number is
significantly larger," Nokia said in an email sent to developers,
apologising and explaining that a SQL injection attack had exploited a
vulnerability in the bulletin board software. The same statement was
also put on a
page that is still, at the time of writing, standing in for the
Nokia Developer Community site.

The company said it had addressed the initial vulnerability, but
has taken the developer community website offline as a "precautionary
measure, while we conduct further investigations and security
assessments".

"We hope to get the site back online as soon as possible and will
post developments here in the meantime," Nokia said.

According to Nokia, the database table records accessed in the
attack mostly consist of email addresses, leading the company to
believe that "the only potential impact to [members] may be
unsolicited email".

However, almost seven percent of forum members also included
birthdates, homepage URLs or instant messaging usernames in their
public profiles, and this data may also have been accessed, Nokia
said.

"[The exposed records] do not contain sensitive information such as
passwords or credit card details and so we do not believe the security
of forum members' accounts is at risk," Nokia said, adding that "other
Nokia accounts are not affected" and the company remained unaware of
any misuse of the accessed data.

The page to which Nokia developers were briefly redirected showed a
picture of Homer Simpson, along with the words: "LOL, Worlds number 1
mobile company but not spending a dime for a server security! FFS
patch your security holes otherwise you will be just another antisec
victim. No Dumping, No Leaking!!"

David Meyer is a freelance technology journalist. He fell into journalism when he realised his musical career wouldn't be paying many bills. His early journalistic career was spent in general news, working behind the scenes for BBC radio and on-air as a newsreader for independent stations. David's main focus is on communications, of both...